Citrix Products Multiple Vulnerabilities
RISK: High Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Citrix products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, security restriction bypass and remote code execution on the targeted system.
Note:
CVE-2025-7775 is being exploited in the wild. It is a memory overflow bug that can lead to unauthenticated remote code execution on vulnerable devices.
A device is vulnerable only if it is in one of the following configurations:
- NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
- NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers
- NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers
- CR virtual server with type HDX
Hence, the risk level is rated as High Risk.
Impact
- Remote Code Execution
- Security Restriction Bypass
- Denial of Service
System / Technologies affected
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-47.48
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-59.22
- NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.241-FIPS and NDcPP
- NetScaler ADC 12.1-FIPS and NDcPP before 12.1-55.330-FIPS and NDcPP
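The configuration conditions and the fixed builds above are the two facts an operator needs to decide whether an appliance is exposed. The following added example (not part of the advisory, and not Citrix code) turns both into a check: it parses a `show ns version` string with the assumed format `NetScaler NS14.1: Build 47.46.nc, ...`, compares the build numerically against the fixed builds listed here, and then applies the four configuration conditions to a list of virtual servers that the operator has described in a small hypothetical `VServer` record. Whether an appliance runs a FIPS/NDcPP build is supplied by the operator, since the version string alone does not say so. The sample version string and configuration are constructed.

```python
"""Exposure check for the NetScaler conditions listed in this advisory (added example)."""
import re
from dataclasses import dataclass

# Fixed builds from the "System / Technologies affected" list above,
# keyed by (release branch, FIPS/NDcPP build?). Builds below these are vulnerable.
FIXED_BUILDS = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}

# Assumed format of `show ns version` on the NetScaler CLI, e.g.
#   "NetScaler NS14.1: Build 47.46.nc, Date: Jul 24 2025, 02:26:54   (64-bit)"
VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_version(show_ns_version: str):
    """Return (branch, (build_major, build_minor)) from `show ns version` output."""
    m = VERSION_RE.search(show_ns_version)
    if not m:
        raise ValueError("no NetScaler version string found in input")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def version_is_vulnerable(show_ns_version: str, fips: bool = False):
    """True if the build predates the fixed build for its branch, False if fixed,
    None if the branch is not listed in the advisory (no conclusion possible).
    `fips` must come from the operator: the version string does not say whether
    the appliance runs a FIPS/NDcPP build."""
    branch, build = parse_version(show_ns_version)
    fixed = FIXED_BUILDS.get((branch, fips))
    if fixed is None:
        return None
    # Tuple comparison is numeric, so build 47.9 is correctly older than 47.48
    # (a plain string comparison would get this wrong).
    return build < fixed


@dataclass
class VServer:
    """One virtual server as read off `show vpn/authentication/lb/cr vserver` (hypothetical record)."""
    kind: str                   # "vpn", "authentication", "lb" or "cr"
    name: str
    service_type: str = ""      # LB: HTTP/SSL/HTTP_QUIC/...; CR: HDX/...
    ipv6_backend: bool = False  # LB only: bound to IPv6 (incl. DBS) services or servicegroups


LB_EXPOSED_TYPES = {"HTTP", "SSL", "HTTP_QUIC"}
LB_EXPOSED_BRANCHES = {"13.1", "14.1"}  # the IPv6 LB condition is listed only for these branches


def exposed_configs(vservers, branch: str):
    """Return one reason per vserver that meets a configuration condition in the advisory."""
    reasons = []
    for v in vservers:
        if v.kind == "vpn":
            reasons.append(f"{v.name}: Gateway (VPN/ICA Proxy/CVPN/RDP Proxy) vserver")
        elif v.kind == "authentication":
            reasons.append(f"{v.name}: AAA vserver")
        elif (v.kind == "lb" and branch in LB_EXPOSED_BRANCHES
              and v.service_type in LB_EXPOSED_TYPES and v.ipv6_backend):
            reasons.append(f"{v.name}: {v.service_type} LB vserver with IPv6 backends")
        elif v.kind == "cr" and v.service_type == "HDX":
            reasons.append(f"{v.name}: CR vserver of type HDX")
    return reasons


def assess(show_ns_version: str, vservers, fips: bool = False) -> str:
    """Combine the build check and the configuration check into one verdict."""
    branch, _ = parse_version(show_ns_version)
    vulnerable = version_is_vulnerable(show_ns_version, fips)
    if vulnerable is False:
        return "fixed build"
    if vulnerable is None:
        return "branch not covered by this advisory"
    reasons = exposed_configs(vservers, branch)
    if not reasons:
        return "vulnerable build, no exposing configuration found (patch anyway)"
    return "EXPOSED: " + "; ".join(reasons)


if __name__ == "__main__":
    # Constructed sample, not taken from a real appliance.
    sample_version = "NetScaler NS14.1: Build 47.46.nc, Date: Jul 24 2025, 02:26:54   (64-bit)"
    sample_config = [
        VServer("lb", "web-v4", "SSL"),                      # IPv4 only: not a listed condition
        VServer("lb", "web-v6", "HTTP", ipv6_backend=True),  # matches the IPv6 LB condition
        VServer("cr", "cache", "HDX"),                        # matches the CR/HDX condition
    ]
    print(assess(sample_version, sample_config))
```

Two points the check encodes that are easy to miss when reading the list by eye: the IPv6 load-balancing condition is stated only for the 13.1 and 14.1 branches (including 13.1-FIPS/NDcPP), not for 12.1-FIPS, and an unlisted branch such as 13.0 yields "not covered" rather than "safe". A vulnerable build with no exposing configuration still gets a "patch anyway" verdict, since a later configuration change would expose it.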
Solutions
Before installing the software, please visit the vendor website for more details.
Apply fixes issued by the vendor: